Advancement through Cyber Resilience

Access Control

Which statement better describes the current state of the user provisioning and de-provisioning process?
Do you perform multi-factor authentication to control external and/or privileged access to systems containing the Customer Information?
Please select the statement that best describes the protection applied to privileged accounts.
Which statement better describes the current state of the Password Management process and systems within the environment?
Do you frequently review the user accounts and their associated access rights?

HR Security

Which statement better describes the current state of security in Human Resource practices?
Do you conduct frequent information security awareness training that includes organisational policies and basic security topics (phishing, physical security, etc.)?

Incident Response

Which statement better describes the current state of the Information Security Incident Response process?
In the event of a security breach of the Customer Information, do you have the ability to detect and respond to the security breach and also a Communications Strategy to notify the Customer within an acceptable and contractually compliant timeframe?

Data Security

Do you have a formalised process around the Customer Information ensuring such information is identified, classified, labelled and protected based on its sensitivity and contractual obligations, and retained/destroyed in line with the business requirements?
Do you encrypt sensitive data at-rest and in-transit by using the latest internationally acceptable cryptographic standards?
Which statement better describes the current practices around Data Loss Prevention (DLP)?
Which statement better describes the current state of Data Sovereignty?

Operations Security

Please select the statement that best describes the state of the Operational Change Management process within the organisation.
Do you have formalised vulnerability and patch management processes and a supporting technology solution ensuring comprehensive and periodic installation of security patches?
Please select the statement that best describes the current backup process over the Customer Information.
Please select the statement that best describes the state of the Log Management process within the organisation.
Please select the statement that best describes the Anti-malware program.
Do you perform frequent security assessments of the internal and external environments that contain or connect to the Customer Information?
Please select the statement that best describes the involvement of Information Security in the Project Management process.

Network Security

Which statement better describes the security practices applied to the environment containing the Customer Information?
Please select the statement that best describes the current protection of Network Devices.
Do you have a solution for Email Security?
Do you allow BYOD or mobile devices to access the Customer Information?
Please select the statement that best describes the organisation's approach towards BYOD and mobile devices.
Do you allow remote connections to the environment containing the Customer Information?
Which statement better describes the security practices applied to remote connections?
Do you allow wireless access to the environment containing the Customer Information?
Which statement better describes the security practices applied to wireless connections?
Which statement better describes the current state of Application Whitelisting?

Security Governance

Which statement better describes the current state of the Organisation of Information Security?
What is the current practice towards Information Security Risk Management?
Do you have an overarching Information Security Policy?
Which statement better describes the current state of Information Security policies, standards, and procedures within the organisation?
Do you perform Information Security Audits to assess security controls' effectiveness and efficiency over the environment containing Customer Information?
Which statement better describes the current state of the Business Continuity Management System (BCMS) over the environment containing Customer Information?
Do you have a Supplier Security Program?
Please select the statement that best describes the current Compliance practices associated with information and information processing facilities.
Which statement better describes the current status of Cyber threat intelligence?

Physical Security

Does the organisation have clearly defined security perimeters to protect areas that contain or provide access to the Customer Information and information processing facilities?
Do you monitor and protect the secure areas that contain or provide access to the Customer Information with appropriate access controls and surveillance systems?
Do you have physical controls to protect against natural disasters, malicious attacks, or accidents?
Please select the statement that best describes the current practices towards physical assets associated with information and information processing facilities.
Please select a statement that best describes the current practices of Media Management.

Acknowledgement

Please agree to the above T&Cs before you proceed!

Application Security

Are you using any internally developed business systems containing the Customer Information?
Which statement better describes the current state of Security in the System Development Lifecycle (S-SDLC)?
Which statement better describes the current state of protection applied to software assets containing or interacting with the Customer Information?
Do you have externally exposed and mission-critical application services containing or interacting with Customer Information? If so, which statement better describes the current practices applied to protect the application services?
